Cisco ASA 5505 Configuration Manual page 648

AAA Overview
About Authentication
Authentication controls access by requiring valid user credentials, which are usually a username and
password. You can configure the adaptive security appliance to authenticate the following items:
•
•
•
•
About Authorization
Authorization controls access per user after users are authenticated. You can configure the adaptive
security appliance to authorize the following items:
•
•
•
Authorization controls the services and commands that are available to each authenticated user. If you
did not enable authorization, authentication alone would provide the same access to services for all
authenticated users.
If you need the control that authorization provides, you can configure a broad authentication rule, and
then have a detailed authorization configuration. For example, you can authenticate inside users who
attempt to access any server on the outside network and then limit the outside servers that a particular
user can access using authorization.
The adaptive security appliance caches the first 16 authorization requests per user, so if the user accesses
the same services during the current authentication session, the adaptive security appliance does not
resend the request to the authorization server.
Cisco ASA 5500 Series Configuration Guide using ASDM
31-2
All administrative connections to the adaptive security appliance including the following sessions:
– Telnet
– SSH
Serial console
–
ASDM using HTTPS
–
VPN management access
–
The enable command
Network access
VPN access
Management commands
Network access
VPN access
Chapter 31 Configuring AAA Servers and the Local Database
OL-20339-01